Published: 21/01/2009 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit prior to 1.5.2 allow remote malicious users to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache jackrabbit 1.4
apache jackrabbit 1.5.0

source: wwwsecurityfocuscom/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may ...

source: wwwsecurityfocuscom/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may al ...

CWE-79 http://www.securityfocus.com/bid/33360 http://secunia.com/advisories/33576 https://issues.apache.org/jira/browse/JCR-1925 http://securityreason.com/securityalert/4942 http://www.apache.org/dist/jackrabbit/RELEASE-NOTES-1.5.2.txt http://www.vupen.com/english/advisories/2009/0177 https://exchange.xforce.ibmcloud.com/vulnerabilities/48110 http://www.securityfocus.com/archive/1/500196/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/32742/

CVE-2009-0026

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect